Terraform module for deploying an application to a Kubernetes cluster.
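# Deploys one application per entry in local.k8s_apps through the
# terraform-k8s-app module. Each entry supplies the deployment, container and
# service settings; the persistent volume claim settings are optional.
module "terraform-k8s-app" {
  # NOTE(review): this git source has no `?ref=`, so a fresh `terraform init`
  # (or `init -upgrade`) pulls whatever the repository's default branch holds
  # at that moment. Pin it to a reviewed tag or commit, e.g.
  # "git::https://github.com/sourcefuse/terraform-k8s-app.git?ref=<TAG_OR_COMMIT_SHA>"
  # (placeholder value), so the code that gets cluster credentials is fixed.
  source   = "git::https://github.com/sourcefuse/terraform-k8s-app.git"
  for_each = local.k8s_apps

  # Deployment and container settings (all required by the module).
  app_label       = each.value.app_label
  container_image = each.value.container_image
  container_name  = each.value.container_name
  container_port  = each.value.container_port
  deployment_name = each.value.deployment_name
  namespace_name  = each.value.namespace_name
  replica_count   = each.value.replica_count

  # Service settings (all required by the module).
  port         = each.value.port
  port_name    = each.value.port_name
  protocol     = each.value.protocol
  service_name = each.value.service_name
  target_port  = each.value.target_port

  # Persistent volume claim: optional per app, so a missing key falls back to
  # a disabled or empty value instead of failing the plan.
  persistent_volume_claim_enable           = try(each.value.persistent_volume_claim_enable, false)
  persistent_volume_claim_name             = try(each.value.persistent_volume_claim_name, null)
  persistent_volume_claim_labels           = try(each.value.persistent_volume_claim_labels, {})
  persistent_volume_claim_namespace        = try(each.value.persistent_volume_claim_namespace, null)
  persistent_volume_claim_resource_request = try(each.value.persistent_volume_claim_resource_request, {})

  # Optional like the PVC inputs: an app entry that omits the key gets the
  # module's documented default of [].
  # These are plain name/value pairs, so they are written into the Deployment
  # spec as-is. For sensitive values the module's env_secret_refs input takes
  # secretKeyRefs instead.
  environment_variables = try(each.value.environment_variables, [])
}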
locals {
  # In-cluster DNS name of the Redis service, built from the sandbox
  # namespace: redis.<namespace>.svc.cluster.local
  redis_host = "redis.${kubernetes_namespace.sourceloop_sandbox.metadata[0].name}.svc.cluster.local"

  # One entry per application; the module block iterates this map with for_each.
  k8s_apps = {
    redis_application = {
      # Where it runs and how it is labelled.
      namespace_name  = kubernetes_namespace.sourceloop_sandbox.metadata[0].name
      deployment_name = "redis"
      app_label       = "redis"
      replica_count   = 1

      # Container.
      # NOTE(review): the image comes from var.redis_image, which is not shown
      # here; confirm it is a pinned, trusted reference.
      container_name  = "redis"
      container_image = var.redis_image
      container_port  = 6379

      # Service in front of the container.
      service_name = "redis"
      protocol     = "TCP"
      port_name    = "6379"
      port         = 6379
      target_port  = 6379

      # NOTE(review): no environment variables are passed, so any Redis
      # authentication or TLS would have to come from the image itself.
      # Confirm this before the service is reachable from other workloads.
      environment_variables = []
    }
  }
}
Name | Version |
---|---|
terraform | >= 1.4.4 |
kubernetes | >= 2.0.0 |
time | >= 0.7.2 |
Name | Version |
---|---|
kubernetes | 2.6.1 |
time | 0.7.2 |
No modules.
Name | Type |
---|---|
kubernetes_config_map.default | resource |
kubernetes_deployment.default | resource |
kubernetes_persistent_volume.default | resource |
kubernetes_persistent_volume_claim.default | resource |
kubernetes_secret.default | resource |
kubernetes_service.default | resource |
time_sleep.create_config | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
app_label | Value for the app label used for label matching | string |
n/a | yes |
config_map_binary_data | Map of binary data for the config map. | map(any) |
{} |
no |
config_map_data | Map of data for the config map. | map(any) |
{} |
no |
config_map_enabled | Enable the Kubernetes config map. | bool |
false |
no |
config_map_name | Name to give the config map. | string |
null |
no |
container_image | Docker image for the k8s deployment | string |
n/a | yes |
container_name | Name of container for the k8s deployment | string |
n/a | yes |
container_port | Container port for the k8s deployment | number |
n/a | yes |
container_resources_enabled | Enable container resource limits / requests. | bool |
false |
no |
container_resources_limits | Describes the maximum amount of compute resources allowed. For more info see http://kubernetes.io/docs/user-guide/compute-resources | object({ |
{ |
no |
container_resources_requests | Describes the minimum amount of compute resources required. | object({ |
{ |
no |
csi_secret_volumes | List of maps of CSI volumes. These are used to dynamically generate the volume specs. | list(object({ |
[] |
no |
deployment_name | Name of the k8s deployment | string |
n/a | yes |
enable_kubernetes_service | Enable the kubernetes service. | bool |
true |
no |
env_secret_refs | List of secretKeyRefs to add to ENV variables. | list(object({ |
[] |
no |
environment_variables | List of maps for environment variables | list(object({ name = string, value = string })) |
[] |
no |
namespace_name | Name of the k8s namespace | string |
n/a | yes |
persistent_volume_access_modes | Contains all ways the volume can be mounted. Valid values are ReadWriteOnce, ReadOnlyMany, ReadWriteMany. | list(string) |
[ |
no |
persistent_volume_annotations | An unstructured key value map stored with the persistent volume that may be used to store arbitrary metadata. | map(any) |
{} |
no |
persistent_volume_claim_access_modes | A set of the desired access modes the volume should have. | list(string) |
[ |
no |
persistent_volume_claim_annotations | An unstructured key value map stored with the persistent volume claim that may be used to store arbitrary metadata. | map(any) |
{} |
no |
persistent_volume_claim_enable | Enable a persistent volume claim. | bool |
false |
no |
persistent_volume_claim_labels | Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume claim. May match selectors of replication controllers and services. | map(any) |
{} |
no |
persistent_volume_claim_name | Name of the persistent volume claim, must be unique. Cannot be updated. | string |
null |
no |
persistent_volume_claim_namespace | Namespace defines the space within which name of the persistent volume claim must be unique. | string |
null |
no |
persistent_volume_claim_resource_limits | Map describing the maximum amount of compute resources allowed. | map(string) |
{} |
no |
persistent_volume_claim_resource_request | Map describing the minimum amount of compute resources required. | map(string) |
{ |
no |
persistent_volume_claim_storage_class_name | Name of the storage class requested by the claim. | string |
null |
no |
persistent_volume_claim_volume_name | The binding reference to the PersistentVolume backing this claim. | string |
null |
no |
persistent_volume_enable | Enable a persistent volume. | bool |
false |
no |
persistent_volume_labels | Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume. May match selectors of replication controllers and services. | map(any) |
{} |
no |
persistent_volume_name | Name of the persistent volume, must be unique. Cannot be updated. | string |
null |
no |
persistent_volume_reclaim_policy | What happens to a persistent volume when released from its claim. Valid options are Retain (the provider's default), Delete and Recycle. Note that this module's own default is Delete. Recycling must be supported by the volume plugin underlying this persistent volume. | string |
"Delete" |
no |
persistent_volume_secret_provider_class | Name of the secret provider class for CSI driver volume mounts for secret | string |
null |
no |
persistent_volume_secrets_driver | Driver for persistent volume. Defaults to CSI driver setting | string |
"secrets-store.csi.k8s.io" |
no |
persistent_volume_storage_size | Persistent volume size. | string |
"1Gi" |
no |
port | k8s service port | number |
n/a | yes |
port_name | Name of the service port | string |
n/a | yes |
protocol | k8s service protocol | string |
n/a | yes |
replica_count | k8s Deployment replica count | number |
n/a | yes |
secret_annotations | An unstructured key value map stored with the secret that may be used to store arbitrary metadata. | map(any) |
null |
no |
secret_data | A map of the secret data. | map(any) |
{} |
no |
secret_enable | Enable Kubernetes secrets resource. | bool |
false |
no |
secret_labels | Map of string keys and values that can be used to organize and categorize (scope and select) the secret. | map(any) |
{} |
no |
secret_name | Name of the secret, must be unique. Cannot be updated. | string |
null |
no |
secret_namespace | Namespace defines the space within which name of the secret must be unique. | string |
null |
no |
secret_type | The secret type. Defaults to Opaque. See https://kubernetes.io/docs/concepts/configuration/secret/#secret-types for the different types. | string |
"Opaque" |
no |
service_account_name | Name of the service account to be used for this deployment. | string |
null |
no |
service_name | Name of the k8s service | string |
n/a | yes |
target_port | k8s service target port | number |
n/a | yes |
Name | Description |
---|---|
host | n/a |
service_name | n/a |
service_port | n/a |
Tests are available in the `test` directory located in the root of this project.
When something new is added to the Terraform example configuration, the tests need to be updated to cover it.
This can be done by adding the test to `test/example_test.go`.
- For more information on Terratest, please see their Getting Started docs.
- For more information on k8s testing, see the k8s docs.
The following instructions will be done from the root of the project.
-
Build the image locally:
docker build -t terraform-k8s-app-test -f Dockerfile-test .
-
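Start the container (this mounts your kubeconfig read-only and uses host networking, so make sure its current context points at the cluster you intend to test against):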
docker run -it -v $HOME/.kube/config:/home/tester/.kube/config:ro --net=host terraform-k8s-app-test
TL;DR: From the test
directory, run go-test.sh
to get all requirements and run a test.
-
Configure golang deps for tests
go get github.com/gruntwork-io/terratest/modules/terraform
go get github.com/gruntwork-io/terratest/modules/k8s
go get github.com/stretchr/testify/assert
go get testing
go get fmt
-OR-
./go-get.sh
-
From the `test` directory, run the following command:
go test
-OR-
./go-test.sh
No requirements.
Name | Version |
---|---|
kubernetes | 2.6.1 |
time | 0.7.2 |
No modules.
Name | Type |
---|---|
kubernetes_config_map.default | resource |
kubernetes_deployment.default | resource |
kubernetes_persistent_volume.default | resource |
kubernetes_persistent_volume_claim.default | resource |
kubernetes_secret.default | resource |
kubernetes_service.default | resource |
time_sleep.create_config | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
app_label | Value for the app label used for label matching | string |
n/a | yes |
config_map_binary_data | Map of binary data for the config map. | map(any) |
{} |
no |
config_map_data | Map of data for the config map. | map(any) |
{} |
no |
config_map_enabled | Enable the Kubernetes config map. | bool |
false |
no |
config_map_name | Name to give the config map. | any |
null |
no |
container_image | Docker image for the k8s deployment | string |
n/a | yes |
container_name | Name of container for the k8s deployment | string |
n/a | yes |
container_port | Container port for the k8s deployment | number |
n/a | yes |
container_resources_enabled | Enable container resource limits / requests. | bool |
false |
no |
container_resources_limits | Describes the maximum amount of compute resources allowed. For more info see http://kubernetes.io/docs/user-guide/compute-resources | object({ |
{ |
no |
container_resources_requests | Describes the minimum amount of compute resources required. | object({ |
{ |
no |
csi_secret_volumes | List of maps of CSI volumes. These are used to dynamically generate the volume specs. | list(object({ |
[] |
no |
deployment_name | Name of the k8s deployment | string |
n/a | yes |
enable_kubernetes_service | Enable the kubernetes service. | bool |
true |
no |
env_secret_refs | List of secretKeyRefs to add to ENV variables. | list(object({ |
[] |
no |
environment_variables | List of maps for environment variables | list(object({ name = string, value = string })) |
[] |
no |
namespace_name | Name of the k8s namespace | string |
n/a | yes |
persistent_volume_access_modes | Contains all ways the volume can be mounted. Valid values are ReadWriteOnce, ReadOnlyMany, ReadWriteMany. | list(string) |
[ |
no |
persistent_volume_annotations | An unstructured key value map stored with the persistent volume that may be used to store arbitrary metadata. | map(any) |
{} |
no |
persistent_volume_claim_access_modes | A set of the desired access modes the volume should have. | list(string) |
[ |
no |
persistent_volume_claim_annotations | An unstructured key value map stored with the persistent volume claim that may be used to store arbitrary metadata. | map(any) |
{} |
no |
persistent_volume_claim_enable | Enable a persistent volume claim. | bool |
false |
no |
persistent_volume_claim_labels | Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume claim. May match selectors of replication controllers and services. | map(any) |
{} |
no |
persistent_volume_claim_name | Name of the persistent volume claim, must be unique. Cannot be updated. | any |
null |
no |
persistent_volume_claim_namespace | Namespace defines the space within which name of the persistent volume claim must be unique. | any |
null |
no |
persistent_volume_claim_resource_limits | Map describing the maximum amount of compute resources allowed. | map(string) |
{} |
no |
persistent_volume_claim_resource_request | Map describing the minimum amount of compute resources required. | map(string) |
{ |
no |
persistent_volume_claim_storage_class_name | Name of the storage class requested by the claim. | any |
null |
no |
persistent_volume_claim_storage_size | Map describing the minimum amount of compute resources required. | any |
null |
no |
persistent_volume_claim_volume_name | The binding reference to the PersistentVolume backing this claim. | any |
null |
no |
persistent_volume_enable | Enable a persistent volume. | bool |
false |
no |
persistent_volume_labels | Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume. May match selectors of replication controllers and services. | map(any) |
{} |
no |
persistent_volume_mount_path | Path to mount the persistent volume for secrets | string |
"/mnt/secrets-store" |
no |
persistent_volume_name | Name of the persistent volume, must be unique. Cannot be updated. | any |
null |
no |
persistent_volume_reclaim_policy | What happens to a persistent volume when released from its claim. Valid options are Retain (the provider's default), Delete and Recycle. Note that this module's own default is Delete. Recycling must be supported by the volume plugin underlying this persistent volume. | string |
"Delete" |
no |
persistent_volume_secret_provider_class | Name of the secret provider class for CSI driver volume mounts for secret | string |
null |
no |
persistent_volume_secrets_driver | Driver for persistent volume. Defaults to CSI driver setting | string |
"secrets-store.csi.k8s.io" |
no |
persistent_volume_storage_path | Path of the directory on the host. | any |
null |
no |
persistent_volume_storage_size | Persistent volume size. | string |
"1Gi" |
no |
port | k8s service port | number |
n/a | yes |
port_name | Name of the service port | string |
n/a | yes |
protocol | k8s service protocol | string |
n/a | yes |
replica_count | k8s Deployment replica count | number |
n/a | yes |
secret_annotations | An unstructured key value map stored with the secret that may be used to store arbitrary metadata. | any |
null |
no |
secret_data | A map of the secret data. | map(any) |
{} |
no |
secret_enable | Enable Kubernetes secrets resource. | bool |
false |
no |
secret_labels | Map of string keys and values that can be used to organize and categorize (scope and select) the secret. | map(any) |
{} |
no |
secret_name | Name of the secret, must be unique. Cannot be updated. | any |
null |
no |
secret_namespace | Namespace defines the space within which name of the secret must be unique. | any |
null |
no |
secret_type | The secret type. Defaults to Opaque. See https://kubernetes.io/docs/concepts/configuration/secret/#secret-types for the different types. | string |
"Opaque" |
no |
service_account_name | Name of the service account to be used for this deployment. | any |
null |
no |
service_name | Name of the k8s service | string |
n/a | yes |
target_port | k8s service target port | number |
n/a | yes |
Name | Description |
---|---|
host | n/a |
service_name | n/a |
service_port | n/a |
This project is authored by:
- SourceFuse ARC Team